Amendments to the Claims 

1. (currently amended) A method for operating a public-key encryption scheme
which provides for sending a digital message M between a sender and a recipient with 
participation of an authorizer, wherein the digital message is encrypted by the sender and 
decrypted by the recipient, the method comprising encrypting, by at least one machine in a 
set of one or more machines, the digital message M using at least a recipient public key 
RPUB and a recipient encryption key RENC to create an encrypted digital message for 
decryption with a recipient private key RPRIV and a recipient decryption key RDEC, 
wherein: 

the recipient public key RPUB and the recipient private key RPRIV form a public
key/private key pair 1, wherein the recipient private key RPRIV is a secret of the recipient;

the recipient decryption key RDEC is generated using at least a key generation secret
of the authorizer and the recipient encryption key RENC, wherein a key formed from the
recipient encryption key RENC and a key formed from the recipient decryption key RDEC
are a public key/private key pair 2;

wherein the recipient decryption key RDEC is generated by the authorizer to have a
value $S_B = s_C P_B$, wherein:

$s_C$ is the key generation secret of the authorizer; and

$P_B$ is the recipient encryption key RENC and is equal to $H_1(\mathrm{Inf}_B)$, wherein
$\mathrm{Inf}_B$ is an element of a first cyclic group $G_1$ of elements, wherein $P_B$ is an
element of a second cyclic group $G_2$ of elements, and $H_1$ is a predefined function
("first function $H_1$"), wherein the first and second cyclic groups $G_1$ and $G_2$ and the
function $H_1$ are system parameters made available to the sender, and also available to the
sender are system parameters comprising:

a generator $P$ of the first cyclic group $G_1$;

a key generation parameter $Q = s_C P$;

a second function $H_2$ capable of generating a second string of binary digits from an
element of the second cyclic group $G_2$;

wherein $\mathrm{Inf}_B$ comprises the identity of the recipient, $ID_{rec}$, the recipient
public key RPUB, and a parameter defining a validity period for the recipient decryption key RDEC.

2. (currently amended) The method of claim 1, wherein the recipient
encryption key RENC is generated from information comprising the identity of the recipient. 

3. (currently amended) The method of claim 1, wherein the recipient 
encryption key RENC is generated from information comprising a parameter defining a
validity period for the recipient decryption key RDEC.

4. (currently amended) The method of claim 1, wherein the recipient
encryption key RENC is generated from information comprising the recipient public key
RPUB.

5. (currently amended) The method of claim 1, wherein the recipient 
encryption key RENC is generated from information comprising the identity of the recipient, 
the recipient public key RPUB, and a parameter defining a validity period for the recipient
decryption key RDEC.

6. (currently amended) The method of claim 1, wherein the recipient
decryption key RDEC is generated by the authorizer according to a schedule known to the 
sender. 

7. (currently amended) The method of claim 6, wherein the recipient 
encryption key RENC is generated using at least information comprising the schedule. 

8. (currently amended) The method of claim 1, wherein the recipient private 
key RPRIV and the recipient public key RPUB are generated using at least one system 
parameter issued by the authorizer. 

9-10. (canceled) 

11. (currently amended) The method of claim [[9]] 1, wherein both the first
group $G_1$ and the second group $G_2$ are of the same prime order $q$.

12. (currently amended) The method of claim [[9]] 1 wherein the first cyclic
group $G_1$ is an additive group of points on a supersingular elliptic curve or abelian variety,
and the second cyclic group $G_2$ is a multiplicative subgroup of a finite field.

13. (currently amended) The method of claim [[9]] 1 wherein the system
parameters available to the sender further comprise a function $e$ which is a bilinear,
non-degenerate, and efficiently computable pairing which maps $G_1 \times G_1$ into $G_2$.

14. (previously presented) The method of claim 11 wherein:
$s_C$ is an element of the cyclic group $\mathbb{Z}/q\mathbb{Z}$.

15. (currently amended) The method of claim 9, 

A method for operating a public-key encryption scheme which provides for sending 
a digital message M between a sender and a recipient with participation of an authorizer, 
wherein the digital message is encrypted by the sender and decrypted by the recipient, the 
method comprising encrypting, by at least one machine in a set of one or more machines, the 
digital message M using at least a recipient public key RPUB and a recipient encryption key 
RENC to create an encrypted digital message for decryption with a recipient private key 
RPRIV and a recipient decryption key RDEC, wherein: 

the recipient public key RPUB and the recipient private key RPRIV form a public
key/private key pair 1, wherein the recipient private key RPRIV is a secret of the recipient;

the recipient decryption key RDEC is generated using at least a key generation secret
of the authorizer and the recipient encryption key RENC, wherein a key formed from the
recipient encryption key RENC and a key formed from the recipient decryption key RDEC
are a public key/private key pair 2;

wherein the recipient decryption key RDEC is generated by the authorizer to have a
value $S_B = s_C P_B$, wherein:

$s_C$ is the key generation secret of the authorizer; and

$P_B$ is the recipient encryption key RENC and is equal to $H_1(\mathrm{Inf}_B)$, wherein
$\mathrm{Inf}_B$ is an element of a first cyclic group $G_1$ of elements, wherein $P_B$ is an
element of a second cyclic group $G_2$ of elements, and $H_1$ is a predefined function
("first function $H_1$"), wherein the first and second cyclic groups $G_1$ and $G_2$ and the
function $H_1$ are system parameters made available to the sender, and also available to the
sender are system parameters comprising:

a generator $P$ of the first cyclic group $G_1$;

a key generation parameter $Q = s_C P$;

a second function $H_2$ capable of generating a second string of binary digits from an
element of the second cyclic group $G_2$;

wherein encrypting the digital message M comprises:

generating an element $P'_B = H_1'(ID_{rec})$, wherein $ID_{rec}$ comprises the identity of the
recipient and wherein $H_1'$ is a function capable of generating an element of the first cyclic
group $G_1$ from a string of binary digits;

selecting a random key generation secret $r$; and

encrypting the digital message M to form a ciphertext C, wherein C is set to be:
$C = [rP, M \oplus H_2(g^r)]$, where $g = e(Q, P_B)\,e(PK_B, P'_B) \in G_2$, where $PK_B$ is the
recipient public key RPUB and wherein $e$ is a bilinear non-degenerate pairing which maps
$G_1 \times G_1$ into $G_2$.
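
An added illustration (not code from this application or its applicant) of the claim 15 encryption in a deliberately insecure toy model, showing that the ciphertext opens only when RPRIV and RDEC are combined. Assumptions not stated in the claims: PK_B = s_B P, the decryption rule M = V xor H_2(e(U, S_B + s_B P'_B)), the SHA-256/SHAKE instantiations of the hash functions, and the toy groups (G_1 elements stored as scalars mod q = 1019, G_2 the order-q subgroup of Z_2039^*).

```python
# Added illustration, not code from the patent application. NOT secure:
# G1 elements aP are stored as the scalar a, which exposes every discrete log.
import hashlib
import secrets

Q_ORDER = 1019   # toy prime order q shared by G1 and G2
P_MOD = 2039     # prime p = 2q + 1; G2 is the order-q subgroup of Z_p^*
G0 = 4           # generates that subgroup; plays the role of e(P, P)
P_GEN = 1        # generator P of G1 in scalar representation


def pairing(a, b):
    """Toy bilinear map e(aP, bP) = G0^(ab)."""
    return pow(G0, (a * b) % Q_ORDER, P_MOD)


def hash_to_g1(tag, data):
    """H_1 / H_1': bytes -> non-identity element of G1, domain-separated by tag."""
    digest = hashlib.sha256(tag + b"|" + data).digest()
    return int.from_bytes(digest, "big") % (Q_ORDER - 1) + 1


def h2(g2_element, length):
    """H_2: element of G2 -> string of binary digits used as a pad."""
    return hashlib.shake_256(str(g2_element).encode()).digest(length)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def rand_scalar():
    return secrets.randbelow(Q_ORDER - 1) + 1    # uniform in [1, q-1]


def make_inf(identity, pk_b, validity):
    """Inf_B: identity, recipient public key and validity period (claim 1)."""
    return b"|".join([identity, str(pk_b).encode(), validity])


def authorizer_setup():
    s_c = rand_scalar()
    return s_c, (s_c * P_GEN) % Q_ORDER          # (s_C, Q = s_C P)


def authorizer_issue(s_c, inf):
    return (s_c * hash_to_g1(b"H1", inf)) % Q_ORDER   # RDEC: S_B = s_C P_B


def recipient_keygen():
    s_b = rand_scalar()
    return s_b, (s_b * P_GEN) % Q_ORDER          # (RPRIV, RPUB); assumes PK_B = s_B P


def encrypt(message, q_param, pk_b, identity, validity):
    p_b = hash_to_g1(b"H1", make_inf(identity, pk_b, validity))   # RENC
    p_b_prime = hash_to_g1(b"H1'", identity)                      # P'_B
    r = rand_scalar()
    g = (pairing(q_param, p_b) * pairing(pk_b, p_b_prime)) % P_MOD
    pad = h2(pow(g, r, P_MOD), len(message))
    return (r * P_GEN) % Q_ORDER, xor(message, pad)               # C = [rP, M xor H_2(g^r)]


def decrypt(ciphertext, s_b, s_cert, identity):
    """Assumed decryption rule: e(rP, S_B + s_B P'_B) equals g^r by bilinearity."""
    u, v = ciphertext
    p_b_prime = hash_to_g1(b"H1'", identity)
    combined = (s_cert + s_b * p_b_prime) % Q_ORDER
    return xor(v, h2(pairing(u, combined), len(v)))


def demo():
    # Constructed sample values.
    identity, validity = b"bob@example.test", b"2024-Q1"
    message = b"constructed sample message"
    s_c, q_param = authorizer_setup()
    s_b, pk_b = recipient_keygen()
    s_cert = authorizer_issue(s_c, make_inf(identity, pk_b, validity))
    ct = encrypt(message, q_param, pk_b, identity, validity)
    return {
        "message": message,
        "both_keys": decrypt(ct, s_b, s_cert, identity),
        "rdec_only": decrypt(ct, 0, s_cert, identity),    # what the authorizer alone holds
        "rpriv_only": decrypt(ct, s_b, 0, identity),      # recipient without a current RDEC
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Only the `both_keys` result equals the message: the authorizer alone cannot read the plaintext, and the recipient cannot read it without the RDEC issued for the validity period the sender used.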

16. (currently amended) The method of claim 1, wherein the recipient 
encryption key RENC is generated from a document and the recipient decryption key RDEC 
is the authorizer's signature on the document. 

17. (currently amended) The method of claim 11, 

A method for operating a public-key encryption scheme which provides for sending
a digital message M between a sender and a recipient with participation of an authorizer,
wherein the digital message is encrypted by the sender and decrypted by the recipient, the
method comprising encrypting, by at least one machine in a set of one or more machines, the
digital message M using at least a recipient public key RPUB and a recipient encryption key
RENC to create an encrypted digital message for decryption with a recipient private key
RPRIV and a recipient decryption key RDEC, wherein:

the recipient public key RPUB and the recipient private key RPRIV form a public
key/private key pair 1, wherein the recipient private key RPRIV is a secret of the recipient;

the recipient decryption key RDEC is generated using at least a key generation secret
of the authorizer and the recipient encryption key RENC, wherein a key formed from the
recipient encryption key RENC and a key formed from the recipient decryption key RDEC
are a public key/private key pair 2;

wherein the recipient decryption key RDEC is generated by the authorizer to have a
value $S_B = s_C P_B$, wherein:

$s_C$ is the key generation secret of the authorizer; and

$P_B$ is the recipient encryption key RENC and is equal to $H_1(\mathrm{Inf}_B)$, wherein
$\mathrm{Inf}_B$ is an element of a first cyclic group $G_1$ of elements, wherein $P_B$ is an
element of a second cyclic group $G_2$ of elements, and $H_1$ is a predefined function
("first function $H_1$"), wherein the first and second cyclic groups $G_1$ and $G_2$ and the
function $H_1$ are system parameters made available to the sender, and also available to the
sender are system parameters comprising:

a generator $P$ of the first cyclic group $G_1$;

a key generation parameter $Q = s_C P$;

a second function $H_2$ capable of generating a second string of binary digits from an
element of the second cyclic group $G_2$;

wherein both the first group $G_1$ and the second group $G_2$ are of the same prime order $q$;

wherein encrypting the digital message M comprises:
generating an element $P'_B = H_1'(ID_{rec})$ wherein $H_1'$ is a function capable of
generating an element of the first cyclic group $G_1$ from a string of binary digits;
choosing a random parameter $\sigma \in \{0,1\}^n$;
set a random key generation secret $r = H_3(\sigma, M)$; and

encrypting the digital message M to form a ciphertext C, wherein C is set to be:
$C = [rP, M \oplus H_2(g^r), E_{H_4(\sigma)}(M)]$, where $g = e(Q, P_B)\,e(PK_B, P'_B) \in G_2$, wherein
$PK_B$ is the recipient public key RPUB, wherein $H_3$ is a function capable of generating an
integer of the cyclic group $\mathbb{Z}/q\mathbb{Z}$ from two strings of binary digits, $H_4$ is a
function capable of generating one binary string from another binary string, $E$ is a symmetric
encryption scheme, $e$ is a bilinear non-degenerate pairing which maps $G_1 \times G_1$ into $G_2$,
and $H_4(\sigma)$ is the key used with $E$.

18-116. (cancelled) 

117. (currently amended) The method of claim 1 wherein the method further
comprises the recipient performing, by at least one machine in the set of the one or more 
machines, operations of: 

generating the recipient public key RPUB and the recipient private key RPRIV; 

decrypting the encrypted digital message using at least the recipient private key 
RPRIV and the recipient decryption key RDEC.

118. (currently amended) The method of claim 1 wherein the method further 
comprises the authorizer selecting, by at least one machine in the set of the one or more 
machines, said key generation secret and generating the recipient decryption key RDEC and 
sending the recipient decryption key to the recipient. 

119. (canceled) 

120. (currently amended) The method of claim 118 wherein the method further
comprises the recipient performing, by at least one machine in the set of the one or more
machines, operations of:

generating the recipient public key RPUB and the recipient private key RPRIV;

decrypting the encrypted digital message using at least the recipient private key
RPRIV and the recipient decryption key RDEC.

121-123. (canceled) 

124. (currently amended) The method of claim 1 further comprising generating, by 
at least one machine in the set of the one or more machines, the recipient encryption key 
RENC by the authorizer and/or the recipient and/or the sender. 

125. (currently amended) The method of claim 2 further comprising generating, by
at least one machine in the set of the one or more machines, the recipient encryption key
RENC.

126. (currently amended) The method of claim 3 further comprising generating, by
at least one machine in the set of the one or more machines, the recipient encryption key
RENC.

127. (currently amended) The method of claim 4 further comprising generating, by
at least one machine in the set of the one or more machines, the recipient encryption key
RENC.

128. (currently amended) The method of claim 5 further comprising generating, by
at least one machine in the set of the one or more machines, the recipient encryption key
RENC.

129. (currently amended) The method of claim 6 wherein the method further 
comprises the authorizer selecting, by at least one machine in the set of the one or more 
machines, said key generation secret and generating, by at least one machine in the set of the 
one or more machines, the recipient decryption key RDEC and sending, by at least one 
machine in the set of the one or more machines, the recipient decryption key RDEC to the 
recipient. 

130. (currently amended) The method of claim 7 further comprising generating, by 
at least one machine in the set of the one or more machines, the recipient encryption key 
RENC.

131. (currently amended) The method of claim [[9]] 4 wherein the method further
comprises the authorizer selecting, by at least one machine in the set of the one or more 
machines, said key generation secret and generating, by at least one machine in the set of the 
one or more machines, the recipient decryption key RDEC and sending, by at least one 
machine in the set of the one or more machines, the recipient decryption key RDEC to the 
recipient. 

132. (currently amended) The method of claim [[10]] 15 wherein the method
further comprises the authorizer selecting, by at least one machine in the set of the one or 
more machines, said key generation secret and generating, by at least one machine in the set 
of the one or more machines, the recipient decryption key RDEC and sending, by at least 
one machine in the set of the one or more machines, the recipient decryption key RDEC to 
the recipient. 

133. (currently amended) The method of claim 11 wherein the method further
comprises the authorizer selecting, by at least one machine in the set of the one or more 
machines, said key generation secret and generating, by at least one machine in the set of the 
one or more machines, the recipient decryption key RDEC and sending, by at least one 
machine in the set of the one or more machines, the recipient decryption key RDEC to the 
recipient. 

134. (currently amended) The method of claim 12 wherein the method further
comprises the authorizer selecting, by at least one machine in the set of the one or more 
machines, said key generation secret and generating, by at least one machine in the set of the 
one or more machines, the recipient decryption key RDEC and sending, by at least one 
machine in the set of the one or more machines, the recipient decryption key RDEC to the 
recipient. 

135. (currently amended) The method of claim 13 wherein the method further
comprises the authorizer selecting, by at least one machine in the set of the one or more 
machines, said key generation secret and generating, by at least one machine in the set of the 
one or more machines, the recipient decryption key RDEC and sending, by at least one 
machine in the set of the one or more machines, the recipient decryption key RDEC to the 
recipient. 

136. (currently amended) The method of claim [[14]] 17 wherein the method 
further comprises the authorizer selecting, by at least one machine in the set of the one or 
more machines, said key generation secret and generating, by at least one machine in the set 
of the one or more machines, the recipient decryption key RDEC and sending, by at least 
one machine in the set of the one or more machines, the recipient decryption key RDEC to 
the recipient. 

137. (canceled) 

138. (currently amended) The method of claim 16 wherein the method further 
comprises the authorizer selecting, by at least one machine in the set of the one or more 
machines, said key generation secret and generating, by at least one machine in the set of the 
one or more machines, the recipient decryption key RDEC and sending, by at least one 
machine in the set of the one or more machines, the recipient decryption key RDEC to the 
recipient. 

139. (currently amended) The method of claim 16 wherein the method further
comprises the recipient performing, by at least one machine in the set of the one or more 
machines, operations of: 

generating the recipient public key RPUB and the recipient private key RPRIV; 

decrypting the encrypted digital message using at least the recipient private key
RPRIV and the recipient decryption key RDEC.

140. (canceled) 

141. (currently amended) The method of claim [[18]] 15 wherein the method
further comprises the recipient performing, by at least one machine in the set of the one or
more machines, operations of:

generating the recipient public key RPUB and the recipient private key RPRIV; and

decrypting the encrypted digital message to recover the digital message using at least
the recipient private key RPRIV and the recipient decryption key RDEC.

142-144. (canceled) 

145. (currently amended) The method of claim 17 142 wherein further comprising 
the recipient performing, by at least one machine in the set of the one or more machines, 
operations of:

generating the recipient public key RPUB and the recipient private key RPRIV; and

decrypting the encrypted digital message to recover the digital message using at least
the recipient private key RPRIV and the recipient decryption key RDEC.

146-148. (canceled) 

149. (currently amended) The method of claim [[18]] 15 further comprising
generating, by at least one machine in the set of the one or more machines, the recipient
encryption key RENC.

150. (currently amended) The method of claim [[19]] 16 further comprising
generating, by at least one machine in the set of the one or more machines, the recipient
encryption key RENC.

151. (currently amended) The method of claim [[20]] 17 further comprising
generating, by at least one machine in the set of the one or more machines, the recipient
encryption key RENC.

152. (currently amended) The method of claim [[21]] 6 further comprising
generating, by at least one machine in the set of the one or more machines, the recipient
encryption key RENC.

153. (currently amended) The method of claim [[22]] 8 further comprising
generating, by at least one machine in the set of the one or more machines, the recipient
encryption key RENC.

154-155. (canceled) 

156. (previously presented) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim 1.

157. (previously presented) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim 5.

158. (currently amended) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim [[9]] 198.

159. (currently amended) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim [[10]] 200.

160. (previously presented) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim 11.

161. (previously presented) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim 13.

162. (previously presented) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim 15.

163. (previously presented) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim 16.

164. (previously presented) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim 17.

165. (currently amended) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim [[18]] 132.

166. (currently amended) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim [[20]] 145.

167. (currently amended) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim [[22]] 149.

168. (currently amended) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim [[23]] 185.

169. (currently amended) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim [[26]] 204.

170. (previously presented) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim 117.

171. (previously presented) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim 118.

172. (currently amended) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim [[119]] 120.

173. (currently amended) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim [[123]] 124.

174. (previously presented) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim 127.

175. (previously presented) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim 130.

176. (previously presented) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim 136.

177. (currently amended) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim [[140]] 139.

178. (previously presented) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim 141.

179. (currently amended) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim [[142]] 205.

180. (currently amended) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim [[143]] 206.

181. (currently amended) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim [[147]] 149.

182. (previously presented) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim 150.

183. (previously presented) A computer-readable manufacture comprising a
computer-readable computer program operable to cause a computer to perform the method
of claim 152.

184. (currently amended) A method for operating a public-key encryption scheme
which provides for sending a digital message M between a sender and a recipient with
participation of an authorizer, wherein the digital message M is encrypted by the sender
using at least a recipient public key RPUB and a recipient encryption key RENC to create an
encrypted digital message and is decrypted by the recipient, the method comprising
decrypting, by at least one machine in a set of one or more machines, the encrypted digital
message using at least a recipient private key RPRIV and a recipient decryption key RDEC,
wherein:

the recipient public key RPUB and the recipient private key RPRIV form a public
key/private key pair 1, wherein the recipient private key RPRIV is a secret of the recipient;

the recipient decryption key RDEC is generated using at least a key generation secret
of the authorizer and the recipient encryption key RENC, wherein a key formed from the
recipient encryption key RENC and a key formed from the recipient decryption key RDEC
are a public key/private key pair 2;

wherein the recipient decryption key RDEC is generated by the authorizer to have a
value $S_B = s_C P_B$, wherein:

$s_C$ is the key generation secret of the authorizer; and

$P_B$ is the recipient encryption key RENC and is equal to $H_1(\mathrm{Inf}_B)$, wherein
$\mathrm{Inf}_B$ is an element of a first cyclic group $G_1$ of elements, wherein $P_B$ is an
element of a second cyclic group $G_2$ of elements, and $H_1$ is a predefined function
("first function $H_1$"), wherein the first and second cyclic groups $G_1$ and $G_2$ and the
function $H_1$ are system parameters made available to the sender, and also available to the
sender are system parameters comprising:

a generator $P$ of the first cyclic group $G_1$;

a key generation parameter $Q = s_C P$;

a second function $H_2$ capable of generating a second string of binary digits from an
element of the second cyclic group $G_2$;

wherein $\mathrm{Inf}_B$ comprises the identity of the recipient, $ID_{rec}$, the recipient
public key RPUB, and a parameter defining a validity period for the recipient decryption key RDEC.

185. (currently amended) The method of claim 184, wherein the recipient
encryption key RENC is generated from information comprising the identity of the recipient.

186. (currently amended) The method of claim 184, wherein the recipient
encryption key RENC is generated from information comprising a parameter defining a
validity period for the recipient decryption key RDEC.

187. (currently amended) The method of claim 184, wherein the recipient
encryption key RENC is generated from information comprising the recipient public key
RPUB.

188. (currently amended) The method of claim 184, wherein the recipient
encryption key RENC is generated from information comprising the identity of the recipient,
the recipient public key RPUB, and a parameter defining a validity period for the recipient
decryption key RDEC.

189. (currently amended) The method of claim 184, wherein the recipient
decryption key RDEC is generated by the authorizer according to a schedule known to the
sender.

190. (currently amended) The method of claim 189, wherein the recipient
encryption key RENC is generated using at least information comprising the schedule.

191. (currently amended) The method of claim 184, wherein the recipient private
key RPRIV and the recipient public key RPUB are generated using at least one system
parameter issued by the authorizer.

192-193. (canceled)

194. (currently amended) The method of claim [[192]] 184, wherein both the first
group $G_1$ and the second group $G_2$ are of the same prime order $q$.

195. (currently amended) The method of claim [[192]] 184, wherein the first
cyclic group $G_1$ is an additive group of points on a supersingular elliptic curve or abelian
variety, and the second cyclic group $G_2$ is a multiplicative subgroup of a finite field.

196. (currently amended) The method of claim [[192]] 184 wherein the system
parameters available to the sender further comprise a function $e$ which is a bilinear,
non-degenerate, and efficiently computable pairing which maps $G_1 \times G_1$ into $G_2$.

197. (previously presented) The method of claim 194 wherein:
$s_C$ is an element of the cyclic group $\mathbb{Z}/q\mathbb{Z}$.

198. (currently amended) The method of claim 192,

A method for operating a public-key encryption scheme which provides for sending
a digital message M between a sender and a recipient with participation of an authorizer,
wherein the digital message M is encrypted by the sender using at least a recipient public
key RPUB and a recipient encryption key RENC to create an encrypted digital message and
is decrypted by the recipient, the method comprising decrypting, by at least one machine in a
set of one or more machines, the encrypted digital message using at least a recipient private
key RPRIV and a recipient decryption key RDEC, wherein:

the recipient public key RPUB and the recipient private key RPRIV form a public
key/private key pair 1, wherein the recipient private key RPRIV is a secret of the recipient;

the recipient decryption key RDEC is generated using at least a key generation secret
of the authorizer and the recipient encryption key RENC, wherein a key formed from the
recipient encryption key RENC and a key formed from the recipient decryption key RDEC
are a public key/private key pair 2;

wherein the recipient decryption key RDEC is generated by the authorizer to have a
value $S_B = s_C P_B$, wherein:

$s_C$ is the key generation secret of the authorizer; and

$P_B$ is the recipient encryption key RENC and is equal to $H_1(\mathrm{Inf}_B)$, wherein
$\mathrm{Inf}_B$ is an element of a first cyclic group $G_1$ of elements, wherein $P_B$ is an
element of a second cyclic group $G_2$ of elements, and $H_1$ is a predefined function
("first function $H_1$"), wherein the first and second cyclic groups $G_1$ and $G_2$ and the
function $H_1$ are system parameters made available to the sender, and also available to the
sender are system parameters comprising:

a generator $P$ of the first cyclic group $G_1$;

a key generation parameter $Q = s_C P$;

a second function $H_2$ capable of generating a second string of binary digits from an
element of the second cyclic group $G_2$;

wherein encrypting the digital message M comprises:

generating an element $P'_B = H_1'(ID_{rec})$, wherein $ID_{rec}$ comprises the identity of the
recipient and wherein $H_1'$ is a function capable of generating an element of the first cyclic
group $G_1$ from a string of binary digits;

selecting a random key generation secret $r$; and

encrypting the digital message M to form a ciphertext C, wherein C is set to be:
$C = [rP, M \oplus H_2(g^r)]$, where $g = e(Q, P_B)\,e(PK_B, P'_B) \in G_2$, where $PK_B$ is the
recipient public key RPUB and wherein $e$ is a bilinear non-degenerate pairing which maps
$G_1 \times G_1$ into $G_2$.

199. (currently amended) The method of claim 184, wherein the recipient
encryption key RENC is generated from a document and the recipient decryption key RDEC 
is the authorizer's signature on the document. 

200. (currently amended) The m e thod of claim IDA, 

A method for operating a public-key encryption scheme which provides for sending 
a digital message M between a sender and a recipient with participation of an authorizes 
wherein the digital message M is encrypted by the sender using at least a recipient public 
key RPUB and a recipient encryption key RENC to create an encrypted digital message and 
is decrypted by the recipient, the method comprising decrypting, by at least one machine in a 
set of one or more machines, the encrypted digital message using at least a recipient private 
key RPRIV and a recipient decryption key RDEC, wherein: 

the recipient public key RPUB and the recipient private key RPRIV form a public 
key/ private key pair 1, wherein the recipient private key RPRIV is a secret of the recipient; 

the recipient decryption key RDEC is generated using at least a key generation secret 
of the authorizer and the recipient encryption key RENC, wherein a key formed from the 
recipient encryption key RENC and a key formed from the recipient decryption key RDEC 
are a public key/ private key pair 2; 

wherein the recipient decryption key RDEC is generated by the authorizer to have a 
value S_B = s_C P_B, wherein: 

s_C is the key generation secret of the authorizer; and 

P_B is the recipient encryption key RENC and is equal to H_1(Inf_B), wherein Inf_B is an 
element of a first cyclic group G_1 of elements, wherein P_B is an element of a second cyclic 
group G_2 of elements, and H_1 is a predefined function ("first function H_1"), wherein the first 
and second cyclic groups G_1 and G_2 and the function H_1 are system parameters made 
available to the sender, and also available to the sender are system parameters comprising: 

a generator P of the first cyclic group G_1; 

a key generation parameter Q = s_C P; 

a second function H_2 capable of generating a second string of binary digits from an 
element of the second cyclic group G_2; 

wherein both the first group G_1 and the second group G_2 are of the same prime order 

wherein encrypting the digital message M comprises: 
generating an element P'_B = H_1'(ID_rec) wherein H_1' is a function capable of 
generating an element of the first cyclic group G_1 from a string of binary digits; 
choosing a random parameter σ ∈ {0,1}^n; 
set a random key generation secret r = H_3(σ, M); and 

encrypting the digital message M to form a ciphertext C, wherein C is set to be: 
C = [rP, M ⊕ H_2(g), E_{H_4(σ)}(M)], where g = e(Q, P_B) e(PK_B, P'_B) ∈ G_2, wherein 
PK_B is the recipient public key RPUB, wherein H_3 is a function capable of generating an 
integer of the cyclic group Z/qZ from two strings of binary digits, H_4 is a function capable 
of generating one binary string from another binary string, E is a symmetric encryption 
scheme, e is a bilinear non-degenerate pairing which maps G_1 × G_1 into G_2, and H_4(σ) is the 
key used with E. 

201. (currently amended) The method of claim 184 further comprising the 
authorizer selecting, by at least one machine in the set of the one or more machines, said key 
generation secret and generating, by at least one machine in the set of the one or more 
machines, the recipient decryption key RDEC and sending, by at least one machine in the set 
of the one or more machines, the recipient decryption key RDEC to the recipient. 

202. (previously presented) A computer-readable manufacture comprising a 
computer-readable computer program operable to cause a computer to perform the method 
of claim 184. 

203. (currently amended) A method for operating a public-key encryption scheme 
which provides for sending a digital message M between a sender and a recipient with 
participation of an authorizer, wherein the digital message is encrypted by the sender using 
at least a recipient public key RPUB and a recipient encryption key RENC, wherein the 
recipient public key RPUB and a recipient private key RPRIV form a recipient public key/ 
recipient private key pair, wherein the recipient private key RPRIV is a secret of the 
recipient, and the digital message is decrypted by the recipient using at least the recipient 
private key RPRIV and a recipient decryption key RDEC, the method comprising the 
authorizer performing, by at least one machine in a set of one or more machines, operations 
of: 

selecting a key generation secret that is a secret of the authorizer; 

generating [[a]] the recipient decryption key RDEC using at least the key generation 
secret of the authorizer and the recipient encryption key RENC, wherein a key formed from 
the recipient encryption key RENC and a key formed from the recipient decryption key 
RDEC are a public key/ private key pair; 

sending the recipient decryption key RDEC to the recipient; 

wherein the recipient decryption key RDEC is generated by the authorizer to have a 
value S_B = s_C P_B, wherein: 

s_C is the key generation secret of the authorizer; and 

P_B is the recipient encryption key RENC and is equal to H_1(Inf_B), wherein Inf_B is an 
element of a first cyclic group G_1 of elements, wherein P_B is an element of a second cyclic 
group G_2 of elements, and H_1 is a predefined function ("first function H_1"), wherein the first 
and second cyclic groups G_1 and G_2 and the function H_1 are system parameters made 
available to the sender, and also available to the sender are system parameters comprising: 

a generator P of the first cyclic group G_1; 

a key generation parameter Q = s_C P; 

a second function H_2 capable of generating a second string of binary digits from an 
element of the second cyclic group G_2; 

wherein Inf_B comprises the identity of the recipient, ID_rec, the recipient public key 
RPUB, and a parameter defining a validity period for the recipient decryption key RDEC. 
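
A toy walk-through of the key issuance in claim 203 and the encryption step recited earlier in this listing, added here as an illustration and not part of the claims or the applicant's code. It models G_1 by exposed scalars (insecure) and assumes the mask is H_2(g^r) with a decryption step e(rP, S_B + s_B P'_B) = g^r; the function names, hash constructions and sample identity are hypothetical.

```python
import hashlib, secrets

# Toy pairing model (assumption, INSECURE): a G_1 element aP is stored as the
# scalar a mod q, and e(aP, bP) = g0^(ab) mod p. Bilinear and non-degenerate,
# but discrete logs in G_1 are trivial, so this only checks the algebra.
p, q, g0 = 1_000_000_007, 500_000_003, 4   # p = 2q + 1; g0 has order q in Z_p^*
P = 1                                      # generator of G_1

def e(a, b):
    return pow(g0, (a * b) % q, p)

def hash_to_g1(tag, *parts):               # stands in for H_1 and H_1'
    data = "|".join([tag, *map(str, parts)]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (q - 1) + 1

def h2(elem, n):                           # H_2: G_2 element -> n-byte mask
    return hashlib.sha256(str(elem).encode()).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rand_scalar():
    return secrets.randbelow(q - 1) + 1

def authorizer_issue(s_c, identity, pk_b, period):
    # Claim 203: S_B = s_C * P_B, with P_B = H_1(Inf_B)
    return (s_c * hash_to_g1("H1", identity, pk_b, period)) % q

def encrypt(msg, Q, identity, pk_b, period):
    p_b = hash_to_g1("H1", identity, pk_b, period)
    p_b_prime = hash_to_g1("H1'", identity)
    r = rand_scalar()
    g = (e(Q, p_b) * e(pk_b, p_b_prime)) % p
    return (r * P) % q, xor(msg, h2(pow(g, r, p), len(msg)))

def decrypt(ct, S_b, s_b, identity):
    # Assumed decryption step: e(rP, S_B + s_B * P'_B) equals g^r
    U, V = ct
    key_point = (S_b + s_b * hash_to_g1("H1'", identity)) % q
    return xor(V, h2(e(U, key_point), len(V)))

def demo():
    s_c, s_b = rand_scalar(), rand_scalar()
    Q, pk_b = (s_c * P) % q, (s_b * P) % q
    ct = encrypt(b"wire 100 to Bob", Q, "bob@example.test", pk_b, "2024-Q1")
    good = authorizer_issue(s_c, "bob@example.test", pk_b, "2024-Q1")
    stale = authorizer_issue(s_c, "bob@example.test", pk_b, "2023-Q4")
    return (decrypt(ct, good, s_b, "bob@example.test"),
            decrypt(ct, stale, s_b, "bob@example.test"))
```

demo() returns the plaintext for the decryption key issued for the matching validity period and unreadable bytes for the key from an earlier period, which is how the validity-period parameter in Inf_B bounds the lifetime of RDEC.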

204. (currently amended) The method of claim 203, wherein the recipient 
encryption key RENC is generated from information comprising the identity of the recipient. 

205. (currently amended) The method of claim 203, wherein the recipient 
encryption key RENC is generated from information comprising a parameter defining a 
validity period for the recipient decryption key RDEC. 

206. (currently amended) The method of claim 203, wherein the recipient 
encryption key RENC is generated from information comprising the recipient public key 
RPUB. 

207. (currently amended) The method of claim 203, wherein the recipient 
encryption key RENC is generated from information comprising the identity of the recipient, 
the recipient public key RPUB, and a parameter defining a validity period for the recipient 
decryption key RDEC. 

208. (currently amended) The method of claim 203, wherein the recipient 
decryption key RDEC is generated by the authorizer according to a schedule known to the 
sender. 

209. (currently amended) The method of claim 208, wherein the recipient 
encryption key RENC is generated using at least information comprising the schedule. 

210-211. (canceled) 

212. (currently amended) The method of claim [[210]] 203, wherein both the first 
group G_1 and the second group G_2 are of the same prime order q. 

213. (currently amended) The method of claim [[210]] 203 wherein the first 
cyclic group G_1 is an additive group of points on a supersingular elliptic curve or abelian 
variety, and the second cyclic group G_2 is a multiplicative subgroup of a finite field. 

214. (currently amended) The method of claim [[210]] 203 wherein the system 
parameters available to the sender further comprise a function e which is a bilinear, 
non-degenerate, and efficiently computable pairing which maps G_1 × G_1 into G_2. 

215. (previously presented) The method of claim 212 wherein: 
s_C is an element of the cyclic group Z/qZ. 

216. (currently amended) The method of claim 203, wherein the recipient 
encryption key RENC is generated from a document and the recipient decryption key RDEC 
is the authorizer's signature on the document. 

217. (previously presented) A computer-readable manufacture comprising a 
computer-readable computer program operable to cause a computer to perform the method 
of claim 203. 

218-227. (canceled) 

228. (previously presented) A computer-readable manufacture comprising a 
computer-readable computer program operable to cause a computer to perform the method 
of claim 218. 

229-238. (canceled) 

239. (previously presented) A computer-readable manufacture comprising a 
computer-readable computer program operable to cause a computer to perform the method 
of claim 229. 